If you are using ModSecurity v2.7.x then I suggest you use the latest OWASP CRS as I fixed many of the greedy regexes - http://spiderlabs.github.com/owasp-modsecurity-crs/
--
Ryan Barnett
Lead Security Researcher
Trustwave - SpiderLabs

On Nov 21, 2012, at 11:11 AM, "Avi Rosenblatt" <a...@greensmoke.net> wrote:

> Hi,
> I'm getting a lot of 'PCRE limits exceeded' specifically with
> modsecurity_crs_41_sql_injection_attacks.conf line 77 (owasp crs v2.2.5)
> Some of the hits are legitimate and some are attacks. If the attack gets this
> error, does that mean it's not blocked (I'm currently running in DetectionOnly
> mode)? I'm playing with the PCRE limits config params and at 50,000 I'm still
> getting this message.
> Thanx in advance for the help.
>
> Avi Rosenblatt
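
One way to make the 'PCRE limits exceeded' condition from the quoted message visible per transaction, as an added ModSecurity 2.x configuration example that is not part of the original thread or of the CRS. The limit values repeat the 50,000 mentioned in the question, and the rule id is an arbitrary local placeholder.

```apache
# Added example: the limit values and the rule id are constructed for illustration.

# PCRE limits, set here to the value tried in the question above.
SecPcreMatchLimit 50000
SecPcreMatchLimitRecursion 50000

# When a regex operator hits either limit, ModSecurity sets the transaction
# variable TX:MSC_PCRE_LIMITS_EXCEEDED. Phase 5 (logging) runs after all
# request and response rules, so this check sees the flag no matter which
# rule raised it. It only logs (pass), so it behaves the same way in
# DetectionOnly mode and when the engine is On.
SecRule TX:/^MSC_/ "!@streq 0" \
    "id:'9000001',phase:5,t:none,pass,log,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
```

Transactions logged by this rule are the ones where a regex was cut short before finishing, so they are the requests to review by hand.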